Skip to content

OrbitNTNU/server.sshaccess.orbit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits
.github/workflows
.github/workflows
 
 
.gitattributes
.gitattributes
 
 
README.md
README.md
 
 
authorized_keys
authorized_keys
 
 
authorized_keys.devopstaket
authorized_keys.devopstaket
 
 
authorized_keys.orbitprod
authorized_keys.orbitprod
 
 
authorized_keys.payloadtaket
authorized_keys.payloadtaket
 
 
authorized_keys.webtaket
authorized_keys.webtaket
 
 
config
config
 
 
rootkey_orbit.pub
rootkey_orbit.pub
 
 

Repository files navigation

Server SSH Access

This repository automatically distributes "authorized_keys" files to servers.

On a push to this repository, all authorized_keys files are updated on all servers.

Basic understandings

SSH Keys basics: "https://youtu.be/ZKZbPZCnHRE?t=257"

Usage

  1. find or create the key you want to add (e.g. ~/.ssh/id_ed25519.pub)
    if you don't have a key yet, you can create one with ssh-keygen -t ed25519 to print the key use cat ~/.ssh/id_ed25519.pub on linux/mac and type %USERPROFILE%\.ssh\id_ed25519.pub on windows

  2. add the key to the authorized_keys.<servername> file in this repository (for the server you want to get access to)

  3. commit and push the changes to this repository

  4. add new host to "/.ssh/config" locally on your machine

    Host <hostname>
    Hostname <hostname>
    User <user>
    Port <port> # optional

  5. If everything is done right, you should have access without need for password with command ssh user@hostname

Add host

This script connects to the server via SSH with the rootkey to update the authorized_keys file.

For this script to work it needs SSH access to the server. For this the server needs to have the contents of the rootkey.pub in the servers authorized_keys file.

Prepare server

  1. You need to have SSH access to the server. Note down the Hostname and the User you want to use.
  2. add the rootkey_*.pub from this repository to the server's ~/.ssh/authorized_keys file (in the users home directory)
    connect to the server (via ssh)
    a. if the folder does not exist, use: mkdir ~/.ssh to create the directory and adjust the rights with: chmod 700 ~/.ssh
    b. use nano ~/.ssh/authorized_keys to add the rootkey (exit with ctrl+c, then "y" then press return, afterwards adjust the rights with chmod 600 ~/.ssh/authorized_keys

Configure repository

  1. add new host to "config" file 
    Host <hostname>
    Hostname <hostname>
    User <user>
    Port <port> # optional
  2. add host to ".github/workflows/update-all.yml" file
  3. push the changes to this repository

Server SSH configuration

  1. Now check with your own key if you have access to the server

    ssh <user>@<hostname

  2. ONLY CONTINUE IF YOU HAVE ACCESS WITHOUT NEEDING A PASSWORD

  3. Now you need to disable password login and root login via SSH

    sudo nano /etc/ssh/sshd_config

    find and change the following lines

    PasswordAuthentication no
PermitRootLogin no

  4. restart the SSH service

    sudo systemctl restart sshd

About

SSH Access Control to all Orbit servers

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 4

  •  
  •  
  •  
  •